This is an old revision of this page, as edited by Enquire (talk | contribs) at 16:55, 9 April 2014 (create section for major government website affected). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
The Internet and the Heartbleed Bug. For security reasons, about 66 percent of the Internet, including the World Wide Web and its constituent websites, uses security features to protect data access and transfer between servers, between individual users, or between servers and users. The Heartbleed Bug has proven to be "lethal", and so measures are being employed to counter the "infection".
It is called Heartbleed because the bug is in OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC 6520). When it is exploited, it leads to the leak of memory contents from the server to the client and from the client to the server, as reported on www.heartbleed.com.
Several websites, including many well-known ones, have been affected, but quite a few famous ones such as craigslist.org, Facebook.com and Google, among others, are protected and not vulnerable to this bug. This Internet security problem is a bug, not a design flaw, and it occurs in the implementation of OpenSSL.
It was reported as early as 7 April 2014.
As reported by heartbleed.com:
This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found heartbleed bug while improving the SafeGuard feature in Codenomicon's Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.
Security experts say the Internet will remain vulnerable as long as the flawed version of OpenSSL is in use. Although a fixed version of OpenSSL has been released, it must still be deployed, according to beforeitsnews.com.
Digg.com writes that, "The Heartbleed bug is a just-discovered vulnerability in the immensely popular OpenSSL cryptographic software library. OpenSSL is the most widely used implementation of a suite of security protocols called Secure Sockets Layer (SSL) that help encrypt traffic while surfing the web."
Government site affected
Canada
The Canadian Revenue Agency (CRA) closed down its electronic services website over Heartbleed bug security concerns.
References
- Petri, Josh (8 April 2014). "Explaining The Terrifying Bug That Just Exposed A Huge Portion Of The Internet's Secrets". Digg.com. Retrieved 9 April 2014.
- "Security concerns prompts tax agency to shut down website". CTV News. 2014-04-09. Retrieved 2014-04-09.
- "How widespread is this?", www.heartbleed.com. April 08, 2014. Web
- "Why it is called the Heartbleed Bug?", www.heartbleed.com. April 08, 2014. Web
- "What versions of the OpenSSL are affected?", www.heartbleed.com. April 08, 2014. Web
- "The security experts...", www.beforeitsnews.com. April 08, 2014. Web